01. What is LSO?
02. What are the steps to conduct LSO audits?
03. What activities does the Design phase involve?
04. What activities does the Build Phase involve?
05. What activities does the Deploy Phase involve?
06. What activities does the Report Phase involve?
07. Why take LSO audits?
08. What is the general format of the audits?
09. What are the steps in preparing a question bank?
10. What are sections?
11. What are proprietary sections?
12. What are Litmus Assigned sections?
13. What are subsections?
14. What criterion is followed to assign questions for an Audit?
15. Can a user see all the sections associated with his/her Audit profile?
16. How many types of Question/Response are there?
17. What is a Dichotomous Question?
18. What are Multiple Choice Questions (MCQ)?
19. What is a Combo Box?
20. What is a List Box?
21. What are Descriptive Questions?
22. What Rating built-ins exist in the LSO application?
23. What types of reports does Litmus have?
24. What is a single user report?
25. What is a Cross Analysis Report?
26. What is a Multiple User Report?
27. What is a Custom Report?
28. Is online audit questionnaire information safe?
29. How much time does it take to upload the application?
30. How long can I use the LSO application?
31. Do you provide any online or offline support?
32. Do you offer products in another language?
33. What do I do if I get disconnected from the
Internet while appearing for a test?
34. What are the passing marks for audit?
35. What OS platforms is LSO Compatible with?
36. How many databases is LSO Compatible with?
37. What are the system requirements for accessing
Litmus application?
(Top)
Litmus Secure Online (LSO) is a secure online audit platform that
helps clients evaluate their organizational security awareness
and business process effectiveness.
(Top)
Litmus audits involve a simple 4-step process.
Design => Build => Deploy => Report
(Top)
- Identify the Audit Scope & objectives.
- Identify and define Audit criteria
- Review Audit criteria
- Generate a list of interdependencies
- Identify cross analysis criteria
- Define Users' Audit profiles
(Top)
- Build customized questionnaire based on audit criteria.
- Unique at company, department, individual levels
- Flexible, easy-to-build Proprietary Question banks
- Construct Segmented Question Bank by sections/sub-sections.
- Sequence and grade the questions for quantitative drill-down reporting.
- Assign sections to User Profiles
(Top)
- Generate User IDs & passwords
- Email User IDs and passwords to users using encrypted mail
(Top)
> Review response from users
> Generate analysis based on:
- Organization
- Department
- Individual criteria
- Interdependent criteria
- Cross analysis criteria
> Generate Informative Drill-down reports
> Send Reports to assigned audit manager
(Top)
LSO is an integrated audit tool designed
for auditors to evaluate corporations, government agencies, utilities
& communication companies, vendors and systems integrators
to attain compliance.
(Top)
The general format of the audit is:
Nature of Tests: Dichotomous Questions, Multiple Choice Questions, Combo Box, List Box, Descriptive Questions
Duration: 21 days
Number of questions: Depends upon sections, but generally 30 to 40.
Negative marking: No negative marking for wrong answers
Question weightage: All questions carry variable marks except descriptive and list box questions.
Reports: After audit completion, reports are prepared and sent to the client.
(Top)
(Proprietary and Litmus Owned)
The steps are:
- Identify the questions and answers.
- Rate questions according to importance of questions.
- Construct the sections and sub sections.
- Assign sub sections to sections.
- Assign subsections to questions.
- Assign response type to questions.
- Assign answers and rating to questions.
(Top)
LSO has two types of sections:
• Proprietary sections
• Litmus Owned sections
A) Sections are like chapters in a
book with descriptions. They are used for easy manageability of
questions, answers and rating.
EXAMPLE:
Section Name: Security Management
Description: Security management section
contains questions that evaluate integration between security
& business needs.
(Top)
Sections that are privately owned by the company are known as proprietary
sections and will not be shown to any third party.
Proprietary sections are not:
(Top)
The sections or question banks which are generated by Litmus InfoSec.
(Top)
A) Sub-sections are like sub-headings
in chapters in the book with descriptions. They are used to simplify
section management.
EXAMPLE:
Sub-section Name:
1) Policies and Procedures with description
(Top)
Questions are not allocated to an audit profile; instead, Litmus assigns
sections (collections of questions) based on user profiles built from the
audit criteria and the individual's skills and competency profile.
(Top)
Yes. A user can ONLY see sections assigned
to his/her individual profile.
(Top)
There are 5 types of Question/Response types:
1. Dichotomous Questions
2. Multiple Choice Questions
3. Combo Box
4. List Box
5. Descriptive Questions
(Top)
A dichotomous question is generally a Yes/No, True/False or Agree/Disagree
question.
EXAMPLE:
Are there documented policies and procedures for managing security?
a) Yes b) No
(Top)
Multiple choice questions ask for a single answer from multiple
options, each with a rating.
EXAMPLE:
If you simulated any disasters, how
frequently is the disaster recovery plan tested?
a) Annually b) Semi-annually c) Monthly
d) Quarterly e) Other
(Top)
Combo Box questions typically require a single answer from multiple
options.
EXAMPLE:
What percentage of “business
as usual” servicing capability is the plan designed to address?
a) 1 – 10% b) 11-20% c) 21-30%
d) 31-40% e) 41-50% f) 51-75%
g) 76-99% h) 100%
(Top)
List Box questions require multiple answers from multiple
options.
EXAMPLE:
Which types of operating system are in use in the company?
a) Red Hat Linux b) UNIX c) SUSE Linux d) Macintosh
e) Windows XP f) Windows 2000 g) Windows 98
(Top)
Descriptive Questions require essay-format,
elaborate informational answers.
EXAMPLE:
Document how data is loaded into the
database and the checks that are performed to ensure accuracy
and validity of the data.
(Top)
Rating depends upon the importance and
relevance of questions and answers.
Clients can utilize rating built-ins
for:
1. Dichotomous Questions
2. Multiple Choice Questions
3. Combo Box
NOTE: List Box and Descriptive questions
are exempted from Rating because List Box questions contain multiple answers
and Descriptive questions have illustrative or essay-type answers.
(Top)
Basically there are four types of
reports.
- Online Report Card
- Cross Analysis Report
- Survey Report
- Custom Reports
(Top)
This report provides analysis of the
sections tagged to a particular user profile.
For example: If the user has three
sections tagged, he will get the compliance levels for the three sections
and his performance report with the graph shown below.

(Top)
This is a report analyzing multiple
users who have two or more common sections tagged to their profiles,
to evaluate performance between the users.
For example: If two users have the same sections tagged to their profiles,
then the graph below illustrates the correlation between the two
users.

(Top)
This report evaluates multiple users with
common sections tagged to their profiles, with an individual breakdown
analysis.
For example: If some 25 users are tagged with the
same section (Security management), then the rating for each user
will be as below.

(Top)
Custom Reports are reports which are
generated upon customer request.
(Top)
All transactions are encrypted using SSL.
(Top)
The Audit build process depends on test criteria. A minimum 48-hour
window is required to configure the application.
(Top)
An authorized user can use the LSO application for up to
21 days. For a further extension, users can contact Litmus InfoSec
at admin@litmusinfosec.com with proper identification.
(Top)
Yes, Litmus provides online documentation and phone support during
business hours.
(Top)
No
(Top)
The procedure for restarting from
where you left off is very simple. Log in to http://lso.litmusinfosec.com
with your Login ID and Password, select the same section and continue with
the audit.
(Top)
There is no stipulated minimum grade as Audit Rating criteria
may vary from one audit to another.
(Top)
LSO is 100% compatible across all Windows, UNIX and Linux distributions.
(Top)
LSO is currently compatible with Access
and MySQL databases.
(Top)
Minimum requirements:
- Microsoft Windows 9x, Windows 2000, Windows NT, Windows Millennium, or Windows XP
- 256 MHz processor
- 64 MB RAM
- 10 MB of hard drive space
- Microsoft Internet Explorer 4.5+ or Mozilla
For best performance:
- Microsoft Windows XP
- 266 MHz processor or faster
- 128 MB RAM
- 20 MB of hard drive space
- Microsoft Internet Explorer 5.5+ or Mozilla